How safe are your building operations from cyber attacks?

Although estimates vary, businesses worldwide lose billions each year to cyber crime, according to a report by McAfee and the Center for Strategic and International Studies.

The modern building management system (BMS) connects to the Internet and is susceptible to intrusion. Unlike traditional, stand-alone systems, today’s intelligent building management systems (BMS) link through open protocols to IT data centers, remote access servers, and utilities.

While benefits far outweigh the risks, an integrated BMS can open an organization up to greater cybersecurity vulnerabilities.

The Cost of a Cyber Attack
Financial consequences of a cyber attack, broken down across six categories. (Source: “Understanding the economics of IT risk and reputation,” IBM, 2013)

Cybersecurity “best practices” to mitigate vulnerabilities

Commonsense measures can help to mitigate building management cybersecurity risks and any resulting financial losses. Recommended best practices include:

  1. Password management: Change default passwords before installing devices, make passwords more complex, and set up unique credentials for each site.
  2. Network management: Limit access to non-IP-based communication channels (including USB ports) and secure web interfaces from SQL injection Install firewalls and tighten physical security.
  3. User management: Grant users only the minimum amount of authority necessary to perform their jobs. This can help control any risks presented by unauthorized users or disgruntled employees.
  4. Software management: Apply software security patches as they become available, and limit deployment to authorized users.
  5. Vulnerability management: Develop a vulnerability management plan covering all types of risks and establish a formal document for each installation.

Hackers take the path of least resistance

The harder a system is to crack, the better the chances that it will be ignored by a would-be hacker. Following these best practices can make hacking a building system more difficult for cyber criminals.

Bolstering awareness of cybersecurity across an enterprise can also help guard against hackers. Not all employees can be experts in cybersecurity, but effective and regular cybersecurity training makes everyone aware of vulnerabilities and improves the chances of identifying and denying cyber attacks.

For more information, download our white paper, “Five Best Practices to Improve Building Management Systems (BMS) Cybersecurity,” and if you have questions or would like to discuss this topic, please leave a comment.

Tags: , , , ,